Adam Perez writes: >Is there any danger in using AES128-CBC with a fixed IV of all zeros?
Yes. If you encrypt two messages with a common prefix under the same key, that fact will be readily apparent from the ciphertexts. This may leak information about the plaintext, depending upon the structure of your messages. Any decent crypto book will tell you about this weakness and recommend against use of CBC with a fixed IV. This is elementary stuff; I think you may need to get someone with more experience in cryptography advising you on these design questions. Of course, the fact that someone else uses bad design (if that is even correct) is not a good excuse for using poor practice yourself. WEP does all sorts of crazy things, but that doesn't mean you should copy what WEP does. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
